7 Cyber Threats You Should Be Aware Of In 2020
July 9, 2020
In 2015, the total worldwide cyber crime damages summed up to $3 trillion. The forecast predicts that this figure will double by 2021. With more people working from home due to the COVID-19 pandemic, you are bound to use online services more often. This makes you a target.
A cyber attack is a malicious and intentional venture by an organization or an individual that aims to breach the information system of another organization or individual. The cyber criminal tries to expose, alter, destroy, disable or gain unauthorized access to a system or group of systems.
7 Common Types Of Cyber Threats
Cyber threats come in many forms. They can attack any device, both computers and mobile phones. These malicious players target security holes that you may not even be aware of. In this section, we’ll list seven of these cyber threats. Although, these are not all, the attacks on this list are the ones you are most likely to experience.
Phishing is a type of social engineering combined with technical trickery. It goes by other names like trolling, identity theft, bogus email, and it’s most done by email spoofing. Although security efforts keep improving to combat cyber attacks, Phishing is one of the easiest and cheapest methods cyber criminals gain access to delicate information. For these attacks, the hacker emails you from an email address that you trust. These emails usually include a call-to-action or link. The body of the email tries to convince you to click this link urgently.
Clicking the link takes you one step closer to endangering your company’s security. It redirects you, again, to a web page that looks legitimate. Other links trigger the download of a malicious software. The attacker can harvest your login credentials, financial information including credit card details, and other personal information. You can also experience phishing attacks via phone call, text message, etc.
Spear Phishing is a sophisticated type of Phishing. Here, the cyber criminals research you and send targeted emails that are pretty relevant, personal and seem to come from reputable sources. Spear Phishing could be hard to identify.
To reduce the risk of being phished, the following techniques could assist you:
- Analyze email headers – The “Reply-to” and “Return-Path” should lead to the same domain.
- Hover above the link – Do Not Click the link. With your mouse, hover above the link and observe the URL it points to.
- Properly Analyze All Mails – Only click on mails when you are ready to go through them. You shouldn’t open a mail when you are stressed out or busy.
2. Social Engineering Attacks
Phishing attacks are a kind of the broader social engineering. Social engineering involves exploiting human interaction to discover vulnerabilities and gain access to sensitive information. Social Engineering cyber-attacks involve psychological manipulations to deceive users into making security blunders from which attackers steal sensitive information. Your best bet and defense against any type of Social Engineering attack is thorough training and education. The preventive measures for Phishing (above) also apply here.
3. Email-Based Attacks
Emails are used by billions of people worldwide. Due to its popularity, emails are one of the major “market” for cyber criminals. An email-based attack is a cyber crime targeted at email users. Here, an email is used to cause damage to an individual or a company by stealing important information and valuable resources like money.
Identity Theft, Phishing, Spear Phishing, Spamming, Whaling, and Business Email Compromise are common examples of email-based attacks. The outcomes of email-based attacks are often not friendly. It leaves adverse effects like:
- Malware: Malware has no good use to your computer. It aims to gain infrastructure control, farming credentials and to gain access to your passwords.
- Credential theft: Your credentials are often personal; if you are a victim of any form of Email-based attack, your credentials will end up in the wrong hands. Credentials like your logins, passwords, credit card details and other personal credentials.
- Wire-transfer fraud: Another consequence of Email-based attacks is fraud. The criminals gain access to your bank details and can wire money to their account at will. Another way this can be achieved is when the victim is tricked into changing the details of their bank account; then a recurring payment is made. Cyber criminals may also request their victims to pay a specific amount to get something in return.
4. Man-in-the-Middle (MitM) Attack
MitM attacks is a critical type of cyber crime. It goes by other names like eavesdropping attack, Wi-Fi spoofing, and IP spoofing. For this attack, hackers position themselves between the communications of a server and a client. From here, they can access data that you exchange with the party or device at the other end. You’re likely to be hit by this attack when you use unsecured public Wi-Fi. Hackers also cease access to a network when malware has breached a device.
The frustrating part of MitM attacks is that a victim may not be aware that their data is being breached. To prevent man-in-the-middle attacks, ensure you visit sites with good security certificates, make sure the URL is appended with “HTTPS” instead of “HTTP.” These days, most browsers warn you if you are accessing a vulnerable site, so pay attention to your browsers.
5. Drive-by Download Attacks
Hackers easily spread malware by using Drive-by download. In this mode of attack, cyber criminals don’t target specific victims. They simply exploit insecure sites by planting malicious codes into the HTTP or PHP code on one of the sites pages. When users visit these sites, malware is automatically installed, or they are redirected to a corrupted site. Drive-by downloads may be hiding in emails or pop-up windows.
To avoid drive-by downloads, ensure your plugins and apps are up-to-date. If possible, reduce the number of third-party apps or plugins on your device. Avoid suspicious sites and ensure your device’s firewall software are up-to-date.
6. (Distributed) Denial-of-Service (DDoS/DoS) Attacks
Denial-of-Service is a threat that you may face if you have an online business or access a server regularly. Here, the attacker overloads you with requests that will eventually exhaust your resources, and crash the system. The Distributed DoS (DDoS) attack is like the DoS attack but done on a larger scale. They launch DoS attacks from several compromised systems. This makes the DDoS more effective than the DoS attacks.
The forecast predicts that in 2022, the number of DDoS attacks is predicted to reach 14.5 million. It is a highly critical cyber threat. In June 2020, Amazon’s AWS suffered the worst DDoS attack. Big names like Github (2018), BBC (2015) and Bank of America (2012) have all been victims of DDoS.
DDoS has no direct benefit to an attacker. However, if the attacker is a competition who seeks to bring down the other, then this may be beneficial. Most times, DDoS attacks are carried out when a bigger attack is underway. Apart from keeping your anti-virus up-to-date, ensure your security patches are recent and monitor your traffic sources. A sudden spike in traffic could be a result of DDoS. Small and medium-sized business are not exempted from this attack.
7. Malware Attacks
Malicious software is often referred to as malware. They are unwanted software installed in your system without your consent. Hackers design viruses, Trojan horses, worms, and many others then attach themselves to legitimate codes, important applications or replicate them across different sites.
Malware is very common and comes in different forms. Example of Malware are:
- Macro viruses: The infect common applications like MS Word, Excel and many more. The virus is executed when any of its carriers are accessed.
- File infectors: This type of malware attaches itself to executable codes like .exe files. The virus is installed when a code is loaded.
- Logic bombs: This type of malware are attached to an application and are executed when a logical condition is met or at a specific date or time.
The best preventive methods against malware are by having the right anti-virus software. Ensure your firewalls are up-to-date.
Taking the best security practices and being careful when visiting sites and clicking links, you can reduce your risk of being a victim of cyber attacks. Contact the cyber experts at Watkins Insurance Group for more guidance, tips, and resources.